Alerts This Week
Warning Icon 1 700
Alerts This Week
Warning Icon 1 700

Fedora 40: FEDORA-2024-2b429e720e moderate: php parameter injection

fedora
Calendar Grey October 2, 2024
Dist Fedora Esm H88
The Laravel patch for Ubuntu resolves multiple vulnerabilities including request forgery, session fixation, and risks in 9.5.7
PHP version 8.3.12 (26 Sep 2024) CGI: Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability)

Summary

PHP is an HTML-embedded scripting language. PHP attempts to make it

easy for developers to write dynamically generated web pages. PHP also

offers built-in database integration for several commercial and

non-commercial database management systems, so writing a

database-enabled webpage with PHP is fairly simple. The most common

use of PHP coding is probably as a replacement for CGI scripts.

Update Information:

PHP version 8.3.12 (26 Sep 2024) CGI: Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926) (nielsdos) Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision). (CVE-2024-8927) (nielsdos) Core: Fixed bug GH-15408 (MSan false-positve on zend_max_execution_timer). (zeriyoshi) Fixed bug GH-15515 (Configure error grep illegal option q). (Peter Kokot) Fixed bug GH-15514 (Configure error: genif.sh: syntax error). (Peter Kokot) Fixed bug GH-15565 (--disable-ipv6 during compilation produces error EAI_SYSTEM not found). (nielsdos) Fixed bug GH-15587 (CRC32 API build error on arm 32-bit). (Bernd Kuhls, Thomas Petazzoni) Fixed bug GH-15330 (Do not scan generator frames more than once). (Arnaud) Fixed uninitialized lineno in constant AST of internal enums. (ilutov) Curl: FIxed bug GH-15547 (curl_multi_select overflow on timeout argument). (David Carlier) DOM: ...

Topics%20covered

Topics Covered

security advisory fedora php configuration issue cgi parameter injection

Change Log

* Wed Sep 25 2024 Remi Collet - 8.3.12-1 - Update to 8.3.12 - http://www.php.net/releases/8_3_12.php - enable command history in phpdbg

References

Fedora Update Notification FEDORA-2024-2b429e720e 2024-10-02 02:58:10.993110 Name : php Product : Fedora 40 Version : 8.3.12 Release : 1.fc40 URL : http://www.php.net/ Summary : PHP scripting language for creating dynamic web sites Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-2b429e720e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: php
Product: Fedora 40
Version: 8.3.12
Release: 1.fc40
URL: http://www.php.net/
Summary: PHP scripting language for creating dynamic web sites

Topics%20covered

Topics Covered

security advisory fedora php configuration issue cgi parameter injection

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here